Abstract
Realistic models for worm propagation in the Internet have become one of the major topics in the academic literature concerning network security. In this paper, we propose an evolution equation for worm propagation in a very small number of Internet hosts, hereinafter called a subnet and introduce a generalization of the classical epidemic model by including a second order spatial term which models subnet interactions. The corresponding gradient coefficient is a measure of the characteristic scale of interactions and as a result a novel scale approach for understanding the evolution of worm population in different scales, is considered. Results concerning random scan strategies and local preference scan worms are presented. A comparison of the proposed model with simulation results is also presented. Based on our model, more efficient monitoring strategies could be deployed.
Similar content being viewed by others
References
Anderson R.M., May R.M. (1991). Infectious diseases of humans: dynamics and control. Oxford University Press, Oxford
Blaster (2003) eEye Digital Security, Blaster worm analysis. http://www.eeye.com/html/Research/Advisories/AL20030811.html
Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-End Containment of Internet Works. In: 20th ACM symposium on Operating systems principles, pp. 133–147 (2005)
Gu, G., Sharif, M., Qin, X., Dagon, D., Lee, W., Riley, G.: Worm detection, early warning and response based on local victim information. In: 20th Annual Computer Security Applications Conference, pp. 136–145 (2004)
Heathcote The mathematics of infectious diseases. SIAM Rev. 42(4), 599–653 (2000)
Kephart, White: Directed graph epidemiological models of computer viruses. IEEE Symposium on security and privacy (1991)
Kermack, W.O., McKendrick, A.G.: A contribution to the mathematical theory of epidemics. In: Proceedings of the Royal Society of London. Series A, Containing Papers of a Mathematical and Physical Character, vol. 115, No. 772, pp. 700–721 (1927)
Kesidis, G., Hamadeh, I.: Jiwasurat Soranun.: coupled Kermack–McKendrick models for randomly scanning and bandwidth-saturating internet worms. In: QoS-IP 2005, LNCS 3375, pp. 101–109 (2005)
Moore D., Paxson V., Savage S. (2003). Inside the slammer worm. Slammer 1: 33–39
Moore D., Shannon C., Brown J.: Code-red: a case study on the spread and victims of an internet worm. In: Proceedings of 2-th Internet Measurement Workshop (IMW) (2002)
Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. INFOCOM (2003)
Nimda (2001) Symantec, “W32.nimda.a@mm,” http://www. symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
Onwubiko, et al.: An improved worm mitigation model for evaluating the spread of aggressive network worms (2005)
Sharif, M.I., Riley, G.F., Lee, W.: Comparative study between analytical models and packet-level worm simulations. In: 19th Workshop on Principles of Advanced and Distributed Simulation. IEEE, pp. 88–98 (2005)
Serazzi, G., Zanero, S.: Computer virus propagation models. In: Calzarossa, M.C., Gelenbe, E. (eds.) Tutorials of the 11th IEEE/ACM Int’l symp. on modeling, analysis and simulation of computer and telecom—systems—MASCOTS 2003. Springer, New York (2003)
Sidiroglou, S., Keromytis, A.D.: (2005) Countering network worms through automatic patch generation. IEEE Security and Privacy
Staniford S., Paxson V., Weaver N.: How to own the internet in your spare time. In: Proceedings of the 11th USENIX security symposium (Security ’02) (2002)
Wang Y., Chakrabarti D., Wang C., Faloutsos C.: Epidemic spreading in real networks: an eigenvalue viewpoint. In: Proceedings of the 22nd International Symposium on Reliable Distributed Systems (2003)
Weaver N., Paxson V., Staniford S., Cunningham R.: A taxonomy of computer worms. In: ACM Workshop on Rapid Malcode (WORM) (2003)
Yang, W., Chenxi, W.: Modeling the effects of timing parameters on virus propagation. In: Proceedings of the 2003 ACM workshop on Rapid Malcode, pp. 61–66. ACM Press, New York (2003)
Yu, W., Wang, X., Xuan, D., Lee, D.: Effective detection of active worms with varying scan rate. In: Proceedings of IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), to appear (2006)
Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security, pp 138-147. ACM Press, New York (2002)
Zou, C., Gong, W.B., Towsley, D., Gao, L.X.: Monitoring and early detection for internet worms. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS), October (2003)
Zou Cliff, C., Towsley, D., Gong, W.: On the performance of Internet worm scanning strategies. Performance Evaluation 63 (2006), Science Direct, pp. 700–723 (2006)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Avlonitis, M., Magkos, E., Stefanidakis, M. et al. A spatial stochastic model for worm propagation: scale effects. J Comput Virol 3, 87–92 (2007). https://doi.org/10.1007/s11416-007-0048-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-007-0048-y